The data breach suffered by Babylon Healthcare is an important warning to insurers active in the tele-health sector: systems must be tested multiple times, by users with varying levels of technical ability, BEFORE being deployed. Training for staff is vital, and third-party supplier links, via email and apps in particular, need to be checked as often as possible. Medical data is the one area where people are very upset when it is shared with others.
The health company confirmed the data breach yesterday, telling the BBC that a “software error” related to a feature that allows users to switch from audio to video consultations halfway through a call had caused a “small number” of UK users to be able to see others’ sessions.
In all, it claimed three users were able to access other patients’ data. It’s not clear how many patients’ consultations were erroneously presented to those three (or whether they would each have been able to view each other’s video consultation conversations).
“On the afternoon of Tuesday 9 June we identified and resolved an issue within two hours,” Babylon told media, “whereby one patient accessed the introduction of another patient’s consultation recording. Our investigation showed that three patients, who had booked and had appointments today, were incorrectly presented with, but did not view, recordings of other patients’ consultations through a subsection of the user’s profile within the Babylon app.”
Kate Bevan, Which? Computing editor, said:
“No-one would invite a complete stranger to sit next to them in the doctor’s surgery, which is why this Babylon Health breach is so alarming.
“If consumers are to trust new digital health services and feel comfortable accessing health services including consultations online, security must be second to none.
“We urge all healthcare providers to review the digital platforms they’re using so that patients can feel confident that every step has been taken to ensure that their personal data remains confidential.”